Feed aggregator
Functions Everywhere, Only Once: Writing Functions for the Everywhere Computer
Article URL: https://fission.codes/blog/functions-everywhere-only-once/
Comments URL: https://news.ycombinator.com/item?id=39849837
Points: 1
# Comments: 0
Provably Secure DNS: A Case Study in Reliable Software (2013) [pdf]
Article URL: https://ironsides.martincarlisle.com/ICRST2013.pdf
Comments URL: https://news.ycombinator.com/item?id=39849818
Points: 2
# Comments: 0
Update Chrome now! Google patches possible drive-by vulnerability
Google has released an update to Chrome which includes seven security fixes. Version 123.0.6312.86/.87 of Chrome for Windows and Mac and 123.0.6312.86 for Linux will roll out over the coming days/weeks.
The easiest way to update Chrome is to allow it to update automatically, which basically uses the same method as outlined below but does not require your attention. But you can end up lagging behind if you never close the browser or if something goes wrong—such as an extension stopping you from updating the browser.
So, it doesn’t hurt to check now and then. And now would be a good time, given the severity of the vulnerability in this patch. My preferred method is to have Chrome open the page chrome://settings/help which you can also find by clicking Settings > About Chrome.
If there is an update available, Chrome will notify you and start downloading it. Then all you have to do is relaunch the browser in order for the update to complete, and for you to be safe from those vulnerabilities.
After the update, the version should be 123.0.6312.86 or later.
Technical details
Google never gives out a lot of information about vulnerabilities, for obvious reasons. Access to bug details and links may be kept restricted until a majority of users are updated with a fix.
There is one critical vulnerability that looks like it might be of interest to cybercriminals.
CVE-2024-2883: Use after free (UAF) vulnerability in Angle in Google Chrome prior to 123.0.6312.86 could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Angle is a browser component that deals with WebGL (short for Web Graphics Library) content. WebGL is a JavaScript API for rendering interactive 2D and 3D graphics within any compatible web browser without the use of plug-ins.
UAF is a type of vulnerability that is the result of the incorrect use of dynamic memory during a program’s operation. If, after freeing a memory location, a program does not clear the pointer to that memory, an attacker can use the error to manipulate the program. Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code. In this case, when the vulnerability is exploited, it can lead to heap corruption.
Heap corruption occurs when a program modifies the contents of a memory location outside of the memory allocated to the program. The outcome can be relatively benign and cause a memory leak, or it may be fatal and cause a memory fault, usually in the program that causes the corruption.
Chromium vulnerabilities are considered critical if they “allow an attacker to read or write arbitrary resources (including but not limited to the file system, registry, network, etc.) on the underlying platform, with the user’s full privileges.”
So, to sum this up, in this case an attacker could create a specially crafted HTML page–which can be put online as a website–that exploits the vulnerability, potentially leading to a compromised system.
My suggestion: don’t wait for the update, get it now.
Tor WebTunnel bridges mimic HTTPS traffic to evade censorship
Article URL: https://www.bleepingcomputer.com/news/security/tors-new-webtunnel-bridges-mimic-https-traffic-to-evade-censorship/
Comments URL: https://news.ycombinator.com/item?id=39849804
Points: 1
# Comments: 0
Adonis-Extension: A package that provides core extensions for AdonisJS 4.x
Article URL: https://github.com/stitchng/adonis-extensions
Comments URL: https://news.ycombinator.com/item?id=39849802
Points: 1
# Comments: 0
Cellfig: Scalable Airtable and Notion Alternative
Article URL: https://cellfig.com/
Comments URL: https://news.ycombinator.com/item?id=39849795
Points: 1
# Comments: 0
Flatpak Permission Survey
Article URL: https://ejona.ersoft.org/archive/2024/03/03/flatpak-perm-survey/
Comments URL: https://news.ycombinator.com/item?id=39849784
Points: 1
# Comments: 0
LLM Prompt Injection Worm
Article URL: https://www.schneier.com/blog/archives/2024/03/llm-prompt-injection-worm.html
Comments URL: https://news.ycombinator.com/item?id=39849783
Points: 1
# Comments: 0
URISanity: Sanitize URLs that may be malicious in the browser or Node.js
Article URL: https://github.com/codesplinta/URISanity
Comments URL: https://news.ycombinator.com/item?id=39849778
Points: 1
# Comments: 0
Harvard University removes human skin binding from book
Article URL: https://library.harvard.edu/statement-des-destinees-de-lame
Comments URL: https://news.ycombinator.com/item?id=39849773
Points: 2
# Comments: 0
With Diablo 4, Xbox Game Pass Is Now More Enticing Than Ever - CNET
Jeffrey Epstein's Island Visitors Exposed by Data Broker
Threat Indicators Show 2024 is Already Promising to be Worse Than 2023
In just the first two months of 2024, threat intelligence firm Flashpoint has logged dramatic increases in all major threat indicators.
The post Threat Indicators Show 2024 is Already Promising to be Worse Than 2023 appeared first on SecurityWeek.
US Offering $10 Million Reward for Information on Change Healthcare Hackers
The US is offering a reward of up to $10 million for information on BlackCat ransomware affiliates that targeted US critical infrastructure.
The post US Offering $10 Million Reward for Information on Change Healthcare Hackers appeared first on SecurityWeek.
Mastering Machine Learning Model Evaluation: Techniques and Best Practices
In a landscape where 90% of machine learning models falter before reaching production, the imperative for robust model evaluation has never been clearer. The efficacy of machine learning hinges not only on technological prowess but also on astute application and evaluation methodologies.
The Importance of Model Evaluation in Machine Learning
Ensuring optimal model performance is not a mere aspiration but a strategic necessity. By adopting rigorous evaluation practices, organizations can:
- Ascertain Optimal Performance: Benchmark models against diverse alternatives to ensure peak performance.
- Ensure Reliability: Validate models' behavior and integrity, crucial for real-time applications.
- Avert Catastrophe: Prevent financial losses and user dissatisfaction through a thorough evaluation.
- Address Data Leakage: Safeguard against inadvertent data influences to maintain model integrity.
- Enable Continuous Monitoring: Adapt models to evolving environments through ongoing evaluation.
Evaluating Metrics and Techniques for Success
Choosing the right evaluation metrics is pivotal for accurate assessment:
- Accuracy, Precision, Recall, F1-score, and ROC-AUC offer nuanced insights into model performance across diverse scenarios.
- Techniques like Cross-Validation, Holdout Validation, Bootstrapping, and Stratified Sampling cater to various data types and challenges, ensuring robust evaluations.
Navigating Challenges with Best Practices
Effective model evaluation hinges on adherence to best practices, such as:
- Implementing proper data splitting and metric selection mitigates bias and aligns evaluation with model objectives.
- Avoiding common pitfalls like data leakage and overfitting enhances model validity and relevance.
- Continuous model monitoring and re-evaluation ensure adaptability and sustained performance.
Learn how model evaluation can prevent common pitfalls and guarantee optimal performance and reliability.
Read the full article here: https://www.markovml.com/blog/model-evaluation-metrics
Comments URL: https://news.ycombinator.com/item?id=39849562
Points: 1
# Comments: 0
A molecular mechanism for hippocampal memory
Article URL: https://www.nature.com/articles/s41586-024-07220-7
Comments URL: https://news.ycombinator.com/item?id=39849560
Points: 1
# Comments: 1